Global CyberSecurity

Malicious Magento User Creator


Last Updated on 07/21/2020 by OTC

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company.

The script is simple but very effective and can easily be overlooked as another Magento file without closer inspection. It’s based on a sample that has been circulating the Internet since 2012 and provides a boilerplate for attackers to easily specify user details.

Continue reading Malicious Magento User Creator at Sucuri Blog.

Blog Topics: How to find Your Sweet Spot (Even in a Boring Niche)

Previous article

Australia, Japan, Join U.S. for Trilateral Naval Exercise

Next article

You may also like


Comments are closed.